JSR-250 also provides a few standard annotations that can be used for specifying method security. Spring Security, starting at version 3.0, supports these annotations.
You can enable JSR-250 by using the jsr250Enabled = true annotation in @EnableGlobalMethodSecurity:
@EnableGlobalMethodSecurity(jsr250Enabled = true)
@SpringBootApplication
public class SpringSecurityApplication {
@RolesAllowed is the JSR-250 annotation that is equivalent to @Secured:
@RolesAllowed("ROLE_ADMIN")
public List<User> retrieveAllUsers() {
// Your code
}
@RolesAllowed allows multiple roles to be specified. Method execution is allowed if the user has any of the specified roles:
@RolesAllowed({"ROLE_ADMIN", "ROLE_USER"})
public User retrieveUser(String userName) {
// Your code
}